CMS decryption of message with OAEP using Hardware security module

2020-02-17 Thread RudyAC 
Hi,

I have the requirement to decrypt e-mails where RSA-OAEP padding is used. I
use the library openssl-1.0.2k and decrypt with CMS container (CMS_decrypt).
This works very well unless the private key is stored in a Hardware security
module and the cryptographic operation is performed via the PKCS11 engine
from openssl.

When decrypting an email which uses OAEP I got the error message:
  
47235129370352:error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:

To analyze the problem I encrypted an clear text using OAEP padding and
setup a decryption function using 
RSA_private_decrypt(). Here I use padding mode "RSA_NO_PADDING" and the
decryption also works with the PKCS11 engine. Unfortunately CMS does not
support setting the padding mode.

For any comments I would be very grateful 

Regards Rudy 



--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html

QUIC in OpenSSL

2020-02-17 Thread Matt Caswell 
The OMC has just published a blog post on our thoughts on QUIC in
OpenSSL. You can read it here:

https://www.openssl.org/blog/blog/2020/02/17/QUIC-and-OpenSSL/

Matt

Re: OpenSSL on embedded systems

2020-02-17 Thread Jan Just Keijser 

On 17/02/20 11:51, Innocenti, Michele via openssl-users wrote:


Hi,

Which is the minimum footprint needed to use OpenSSL TLS 1.3 library 
in an embedded context?


Which embedded OS are supported? i.e. FreeRTOS, VxWorks, Micirium uC-OS



AFAICT, OpenSSL is supported on VxWorks, not on RTOS or uC-OS.

For embedded crypto libraries I would recommend mbed-tls (formerly 
polarssl) and wolfssl.

Both support TLS 1.3 in their latest releases.

HTH,

JJK

OpenSSL on embedded systems

2020-02-17 Thread Innocenti, Michele via openssl-users 
Hi,

Which is the minimum footprint needed to use OpenSSL TLS 1.3 library in an 
embedded context?

Which embedded OS are supported? i.e. FreeRTOS, VxWorks, Micirium uC-OS

Thanks
Michele

[cid:image001.png@01D1DDF5.DD36FEF0]

Michele Innocenti
Sr Principal Engineer, SW Eng
Baxter Healthcare Corporation
Via Modenese, nr.66 / 41036 Medolla (MO)
T. +39 0535.50578
michele_innoce...@baxter.com

Re: SSL_get_finished determine length

2020-02-17 Thread Samuel Williams 
So what is the valid way to do it? Invoke it with a 1 byte array? Maybe an
example should be added to the manual page?

On Thu, 6 Feb 2020 at 23:18, Marian Beermann  wrote:

> > Is it valid to call:
> >
> > size_t size = SSL_get_finished(ssl, NULL, 0);
>
> No
>
> > Because SSL_get_finished invokes memcpy even if the size is 0, so is the
> > undefined behaviour?
>
> Yes
>